How to send all website logs on a remote log server

Milos
Milos Posts: 20  Freshman Member
Friend Collector First Comment
edited April 2021 in Security
I have an USG 110 device and willing to monitor the websites accessed through the device.
For this, I am forwarding the logs to a Graylog server which seems to work well.

The problem is that not all websites are logged. I can see a few of them, like:

    push.bitdefender.net : Computers and Technology, Rule_id=9, SSI=N (Content Filter)
    URL: push.bitdefender.net/poll?push_id=edb061ac-f2ce-4276-a5c3-a9bc1d3230d1
    00=10 01=push.bitdefender.net 02=9 03=forward

But many of them are just missing. How is this possible? Has this something to do with the categories I selected in the Content Filter? In there, I have a couple of categories selected and the option for those is set to block.

Looking forward to hearing from you. Which option for LOG should be enabled in the log settings for website tracking?



Best Answers

  • Milos
    Milos Posts: 20  Freshman Member
    Friend Collector First Comment
    Answer ✓
    Thank you @Ian31 , I was finally able to solve this out. None of the https websites were logged as I first had to enable: "Enable HTTPS Domain Filter for HTTPS traffic" in the content Filter settings under UTM Profile, it then worked.

All Replies

  • Milos
    Milos Posts: 20  Freshman Member
    Friend Collector First Comment
    Thanks @Ian31, this is exactly what I have, but not all logs are sent on the Graylog server side.
    I am opening a few web pages, and only some of those are shown.

    The only difference we have is that on my side, Action for managed web pages is set to Block and I only have a few categories there like: Nudity, Pornography, Weapons etc. Any idea?
  • Ian31
    Ian31 Posts: 166  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @Milos,
    That's weird.
    Since that's what I configured and got all the web sites access logs.
    The categories selected or not is not matter.
    The key is enable "Log all web pages" in content filter profile.

    Ian

  • Milos
    Milos Posts: 20  Freshman Member
    Friend Collector First Comment
    Answer ✓
    Thank you @Ian31 , I was finally able to solve this out. None of the https websites were logged as I first had to enable: "Enable HTTPS Domain Filter for HTTPS traffic" in the content Filter settings under UTM Profile, it then worked.

Security Highlight